Difference between revisions of "Cross-Origin iFrame"
From MgmtWiki
(→Context) |
(→References) |
||
| Line 10: | Line 10: | ||
[[Category: Security]] | [[Category: Security]] | ||
| + | [[Category: Identity]] | ||
| + | [[Category: Identifier]] | ||
| + | [[Category: Authentication]] | ||
Revision as of 10:33, 12 March 2021
Full Title or Meme
The Inline Frame, or iFrame was introduced to allow isolated web pages from unrelated entities to embed content seamlessly into a web page.
Context
- Frames and Framesets were introduced early in browser history to enable refreshing only a portion of a web page to improve responsiveness of web pages in the days of low bandwidth data communications.
- Identity features like OpenID Connect and WebAuthn 2 depends on the Cross-Origin iFrame for a seamless User Experience when identity is provided by a different web site than the Realying Party.
References
- Iframes as a Security Feature does actually acknowledge some of the security problems with iFrames.
